Sony To Pay £250,000 Fine For PSN Hack

Sony Corporation (NYSE:SNE) (TYO:6758) decided to drop its appeal to the Information Commissioners Office (ICO) of the United Kingdom in connection with allegations that it violated the Data Protection Act.

The Japanese console game maker opted to pay the £250,000 penalty imposed by the ICO instead of pursuing its appeal. According to Sony Corporation (NYSE:SNE) (TYO:6758), the appeals process will disclose its security procedures. The company previously vowed to fight the decision of the agency and argued that user data was only exposed after suffering from a “focused and determined criminal attack.”

The spokesperson for Sony Corporation (NYSE:SNE) (TYO:6758) said, “After careful consideration we are withdrawing our appeal. This decision reflects our commitment to protect the confidentiality of our network security from disclosures in the course of the proceeding. We continue to disagree with the decision on the merits.”

Sony PlayStation Network Compromised in DOS Attack

In January this year, the ICO found that Sony Computer Entertainment Europe Limited, which is responsible for operating the PlayStation network platform, failed to keep up with technical developments despite its efforts to protect consumer accounts. As a result, its customers’ personal data were exposed when the platform was infiltrated by several distributed denial of services (DDoS) attacks.

In its decision, the ICO emphasized that the company “failed to ensure that appropriate technical measures were taken against unauthorized or unlawful processing of personal data stored on the Network platform such as additional cryptographic controls to protect passwords; prior to the hacking attack and addressing the system vulnerabilities at the relevant time.”

David Smith, Deputy Commissioner and Director of Data Protection, previously stated, “If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority. In this case that just didn’t happen, and when the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough.”

Smith also said that the penalty imposed against the Japanese game console maker was clearly substantial because of the seriousness of the situation. According to him, the Sony Computer Entertainment Europe Limited put a huge number of consumers at risk of identity theft.

With regard to the latest decision of the company, the ICO said, “We welcome Sony Computer Entertainment Europe Limited’s decision not to appeal our penalty notice following a serious breach of the Data Protection Act.”